ASP.NET Misconfigurations

From OWASP
Revision as of 10:05, 5 July 2006 by Weilin Zhong (Talk | contribs)

Jump to: navigation, search

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Description

Many parts of an ASP.NET application are dynamically compiled at runtime (.aspx and .asmx files, for example). You can configure the ASP.NET runtime to compile the application with symbolic information so that the application can be debugged. Symbols (.pdb files) tell the debugger how to find the original source files for a binary, and how to map breakpoints in code to lines in those source files. Debug binaries can reveal detailed debugging messages and inner working of the application. This kind of information can be used by attackers to launch attacks against the application. Debug binaries should not be used in production systems.

Examples

To identify this vulnerablity, look for the following pattern on the compilation section within the system.web group of the Web.config file at the application's root directory:

<configuration>
  <compilation debug="true"/>
</configuration>

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures

Categories

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.


This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.